Creating a page in Firefox causes the create dialog to wait indefinitely

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only. This article only applies to Atlassian products on the server and data center platforms.

Problem

When using Mozilla Firefox to create a new page in Confluence, the waiting icon displays and the blueprints do not display. This does not occur in Google Chrome.

 

The following appears in the atlassian-confluence.log

atlassian-confluence.log
2015-11-17 12:06:36,537 WARN [http-nio-8090-exec-6] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://confluence.mycompany.com/rest/analytics/1.0/publish/bulk , origin: null , referrer: null , credentials in request: true , allowed via CORS: false

Diagnosis

Environment

  • Confluence 5.8.13 or above
  • Mozilla Firefox browser
  • Confluence has custom HTML in the <head> section (or content="never")

     <meta name="referrer" content="none">

Cause

Firefox is not sending the Referrer: header when the Create button is clicked.

In versions of Confluence before 5.8.13, the Create button was rendered as a HTML <a> tag.

<a id="create-page-button" class="aui-button aui-style aui-button-primary aui-nav-imagelink" title="Create Content (c)" href="/pages/createpage.action?spaceKey=DGN&fromPageId=4292610">
<span>Create</span>
</a>

From Confluence 5.8.13 this was changed to a JQuery activation

<a id="create-page-button" href="#" class="aui-button aui-style aui-button-primary aui-nav-imagelink" title="Create Content (c)">
<span>Create</span>
</a>

Firefox added a feature based on a W3 specification where pages can include a HTML meta tag that will stop the browser sending the Referer: header. This is added in Confluence in Confluence Admin > General Configuration > Custom HTML.

Firefox without the Referer header

Firefox with the Referer header

In Confluence, if there is no Referer: header then the XSRF checks will throw an error and content will not render.

Resolution

You will need to remove the HTML meta tag.

  1. Go to Confluence Admin > General Configuration > Custom HTML
  2. Click Edit
  3. Remove the offending <meta name="referrer" content="none">
  4. Click Save

If this does not resolve your problem, please review Cross Site Request Forgery (CSRF) protection changes in Atlassian REST for more information.

Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.